Support GPG signing RPM packages #141

Closed
alexrecarey opened this Issue Jan 3, 2012 · 4 comments

4 participants

@alexrecarey

Just an idea, as I do not know how difficult it will be to implement, and I am not adept enough in Ruby to code it myself.

Signing RPM's is a great way to trust the packages you are installing, and just good practice all around.

@jordansissel
Owner

Thanks for the idea! Someone will surely need this and patch it in if I don't get to it first :)

@kiranos

any news on this? also is there a way to sign DEB files today? cant find it or should this ticket include both?

@jordansissel
Owner

I haven't had energy to write this feature yet for RPM. Same for deb, though with debs I have found that in practice, nobody signs their debs, but many sign apt repos - even debian/ubuntu upstream only sign the apt repo listings, not the packages themselves.

Feel free to file a separate ticket for deb package signing :)

@r4um
Collaborator

Just need to pass --sign to rpmbuild via a command line switch, there is nothing else that can be done by fpm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment